Description
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()

Add the same NULL guard already present in
l2cap_sock_resume_cb() and l2cap_sock_ready_cb().
Published: 2026-05-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This flaw exists in the Bluetooth L2CAP layer of the Linux kernel, which handles socket callbacks for incoming connections. A missing NULL guard in the function that creates new connection callbacks could allow an attacker to trigger a kernel null‑pointer dereference, potentially causing a fatal crash and resulting in a denial‑of‑service condition. The bug was fixed by adding the same safety check that already exists in related callbacks, but prior to the patch it could be exploited by sending malformed Bluetooth packets to the vulnerable endpoint.

Affected Systems

The defect impacts any Linux kernel that contains the vulnerable Bluetooth stack. No specific kernel versions or release branches are listed, so all installations that might still run an affected kernel should be considered at risk until the fix is applied.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while the EPSS score of <1% suggests a low likelihood of exploitation. The vulnerable code runs in kernel space, and the attacker could trigger it remotely by sending crafted L2CAP frames over Bluetooth, making the potential impact high if the flaw remains unpatched. The issue is likely to be identified in logs as a kernel OOPS or panic event, indicating a full denial‑of‑service takeover of the affected host.

Generated by OpenCVE AI on May 28, 2026 at 01:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that contains the commit that adds the NULL guard in l2cap_sock_new_connection_cb().
  • If a kernel update is not immediately possible, disable or unload the Bluetooth L2CAP modules so that the vulnerable code path is not executed.
  • Continuously monitor system logs for kernel OOPS or crash messages related to Bluetooth and apply a temporary workaround that limits L2CAP connections if the kernel provides such a runtime option.

Generated by OpenCVE AI on May 28, 2026 at 01:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
References

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Tue, 26 May 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Tue, 26 May 2026 17:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb() Add the same NULL guard already present in l2cap_sock_resume_cb() and l2cap_sock_ready_cb().
Title Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:45:55.302Z

Reserved: 2026-05-13T15:03:33.077Z

Link: CVE-2026-45835

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-26T17:16:48.227

Modified: 2026-06-01T17:17:11.307

Link: CVE-2026-45835

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-26T00:00:00Z

Links: CVE-2026-45835 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T01:30:03Z

Weaknesses